91 matches found
Chatness 2.5.3 - options.php/save.php Remote Code Execution
Chatness 2.5.3 - options.php/save.php Remote Code Execution. Files: options.php, save.php. Affects: Chatness = 2.5.3. Date: 12th April 2007. Issue Description: Chatness suffers with two main vulnerabilities, the first of...
Chatness 2.5.3 - '/options.php/save.php' Remote Code Execution
Files: options.php, save.php. Affects: Chatness = 2.5.3. Date: 12th April 2007. Issue Description: Chatness suffers with two main vulnerabilities, the first of these in /admin/options.php the problems occur because the...
CVE-2006-4575
Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote attackers to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id, (6) language, (7) defaultLetter, (8) newuserPass, (9) newuserType, (10) newuserEmail parameters in (a) user.php; the (1)...
CVE-2006-4577
Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6)...
CVE-2006-4577
CVE-2006-4577 affects The Address Book 1.04e. It contains multiple cross-site scripting (XSS) vulnerabilities allowing an attacker to inject arbitrary scripts via: (1) email, (2) websites, (3) groupAddName in save.php; (4) errorMsg in index.php; (5) goTo and (6) search in search.php. CVSS v2 base...
PHP Easy Download admin/save.php moreinfo Parameter Code Injection
The version of PHP Easy Download installed on the remote host fails to sanitize input to the 'moreinfo' parameter before using it in the 'save.php' script. By sending a specially crafted value, an attacker can store and execute code at the privilege level of the remote web server.
PHP Easy Downloader <= 1.5 (save.php) Remote Code Execution Exploit
Exploit for unknown platform in category web applications. PHP Easy Downloader. Details: PHP Easy Download by default installation...
PHPSurveyor 0.995 - 'surveyid' Remote Command Execution
#!/usr/bin/php -q -d short_open_tag=on works regardless of magic_quotes_gpc settings \r\n"; echo " with at least one row in 'surveys' table \r\n"; echo " and if we succeed to include logs \r\n"; echo "\r\n"; if ($argc<4) echo "Usage: php ".$argv[0]." host path cmd OPTIONS\r\n"; echo "host: target server...
phpsurveyor Multiple Vulnerabilities
phpsurveyor Multiple Vulnerabilities. http://colander.altervista.org/advisory/phpsurveyor.txt. phpsurveyor. Omnipresent, April 18, 2006. Vulnerabilities:...